Set up OpenVPN on CentOS 5

I’ve decided to set up OpenVPN on my VPS to save me from having a lot of SSH tunnels to the VPS.

The first thing I needed to do was log into my VPS control panel (vePortal) and enable “Tun/Tap”; this makes the “/dev/net/tun” device visible inside OpenVZ. You may or may not need to do that.

Commands are the lines that start with “#”.

Next thing was to add the RPMForge repo.
Download the RPM (I am running 64-bit).
# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
Import the GPG key for the repo. The key is fetched over plain HTTP here, so the signature check in the next step is only as trustworthy as this download.
# rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
Check whether the downloaded RPM has been tampered with.
# rpm -K rpmforge-release-0.5.2-2.el5.rf.*.rpm
Install the RPM
# rpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpm

Now you can install OpenVPN.
# yum install openvpn.x86_64

Now we need to configure the server.

Find where the easy-rsa files are located
# find / -name easy-rsa
That should return the full path to the easy-rsa directory and tools. We need to copy them to “/etc/openvpn” (adjust the source path below if find reports a different one).
# cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa /etc/openvpn
Change into the following directory
# cd /etc/openvpn/easy-rsa/2.0
Edit the “vars” file
# vim vars
You must change at least the following to match your setup:
export KEY_COUNTRY=
export KEY_PROVINCE=
export KEY_CITY=
export KEY_ORG=
export KEY_EMAIL=

Source the vars file
# source ./vars
Clean any existing builds
# ./clean-all
Build the CA
# ./build-ca

Next we need to build the server keys
# ./build-key-server server

Then we build the client key (you can call this whatever you want)
# ./build-key client

Lastly we build the Diffie-Hellman parameters
# ./build-dh

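Let’s relocate the keys we just made (easy-rsa 2.0 writes them to its “keys” subdirectory by default).
Copy the following three files to your client: “ca.crt client.crt client.key”. client.key is a private key, so move it over an encrypted channel such as scp.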

Copy the following server keys to “/etc/openvpn”
# cp ca.crt ca.key dh1024.pem server.crt server.key /etc/openvpn

Now we need to configure the server. Copy over a template.
# cp /usr/share/doc/openvpn-2.1.4/sample-config-files/server.conf /etc/openvpn/

This is what my config looks like; it’s very similar to the example config.
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
tun-mtu 1500
mssfix 1400
cipher AES-128-CBC

Start the server
# /etc/init.d/openvpn start
Check /var/log/messages; you should see “Initialization Sequence Completed”.
You should also now see a “tun0” interface under ifconfig.

Set it to start on boot.
# chkconfig openvpn on
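
An added check, not part of the original post: the shell function below audits the server directory this guide builds. It confirms that every file named by the ca, cert, key and dh directives exists, that no .key file is accessible to group or others, and that ca.key (which the config above never references) has not been left beside the server keys. The function name audit_openvpn_dir and its output format are this example's own; /etc/openvpn and server.conf are the paths used above.

```shell
#!/bin/sh
# Added example, not from the original post. Audits an OpenVPN server
# directory laid out as in this guide (default: /etc/openvpn).
# Prints one finding per line; returns 0 only if nothing was flagged.
audit_openvpn_dir() {
    dir=${1:-/etc/openvpn}
    conf="$dir/server.conf"
    bad=0
    [ -r "$conf" ] || { echo "FAIL cannot read $conf"; return 2; }

    # Every file named by the ca/cert/key/dh directives must exist.
    for directive in ca cert key dh; do
        file=$(awk -v d="$directive" '$1 == d { print $2; exit }' "$conf")
        case $file in
            "") echo "FAIL no '$directive' directive"; bad=1; continue ;;
            /*) path=$file ;;
            *)  path="$dir/$file" ;;
        esac
        [ -f "$path" ] || { echo "FAIL $directive file missing: $path"; bad=1; }
    done

    # Private keys must not be readable or writable by group or others.
    # Characters 5-10 of the ls mode string are the group/other bits.
    for key in "$dir"/*.key; do
        [ -f "$key" ] || continue
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "FAIL $key is accessible to group/others (chmod 600 it)"
            bad=1
        fi
    done

    # The running server only needs ca.crt. ca.key signs new certificates,
    # so anyone who can read it can issue valid client or server certs.
    if [ -f "$dir/ca.key" ]; then
        echo "WARN $dir/ca.key is on the VPN server; keep it on the signing machine"
        bad=1
    fi
    return $bad
}
```

Call it as root with audit_openvpn_dir /etc/openvpn. After the cp step in this guide it reports ca.key; that copy can be deleted, because signing further client certificates uses the one in the easy-rsa keys directory.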


2 Responses to “Set up OpenVPN on Centos 5”

  1. Jamal Says:

    Why am I getting permission denied errors when trying to run #source ./vars or #./clean-all etc? I am logged in as the root user on the server.
